
Redirect issue



Looks like a lot of people are having redirect issues atm. I have been using an assortment of programs to try and clean up my PC but to no avail. So far I have had a handful of blue screens and a couple of lockups at the XP user select screen, as well as a couple of lockups when trying to enter safe mode with networking. It would either lock up the select screen or lock out my keyboard (both wired/wireless).

Thanks for taking a look.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7533

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/23/2011 10:18:36 PM

mbam-log-2011-08-23 (22-18-36).txt

Scan type: Quick scan

Objects scanned: 184663

Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Run by User at 22:26:02 on 2011-08-23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.1961 [GMT -7:00]

.

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files\Razer\Naga\RazerNagaSysTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

BHO: {01a7dc65-5934-406d-870a-436c284c019b} - c:\windows\system32\atrace32.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe

mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{FA741FDB-5854-414F-9965-966CF1EC283E} : DhcpNameServer = 192.168.0.1 205.171.3.25

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\windows\system32\msaudite32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\lqwf6fkl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {55bd4d27-a690-4d3a-830c-6ca856176a20} - %profile%\extensions\{55bd4d27-a690-4d3a-830c-6ca856176a20}

FF - Ext: XUL Cache: {819ec364-5c3b-4932-92d4-ff2de0e47f0f} - %profile%\extensions\{819ec364-5c3b-4932-92d4-ff2de0e47f0f}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-15 10448]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-15 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-15 22712]

R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-4-16 103424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\mmcshext32.exe --> c:\windows\system32\mmcshext32.exe [?]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-6-4 12672]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-15 41272]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-08-24 05:25:26 0 ---ha-w- c:\documents and settings\user\uscchuphlw.tmp

2011-08-22 08:04:50 -------- d-sha-r- C:\cmdcons

2011-08-22 08:03:23 98816 ----a-w- c:\windows\sed.exe

2011-08-22 08:03:23 518144 ----a-w- c:\windows\SWREG.exe

2011-08-22 08:03:23 256000 ----a-w- c:\windows\PEV.exe

2011-08-22 08:03:23 208896 ----a-w- c:\windows\MBR.exe

2011-08-22 01:23:05 717312 ----a-w- c:\windows\system32\netui132.exe

2011-08-22 01:23:05 717312 ----a-w- c:\windows\system32\MSSTDFMT32.exe

2011-08-22 01:23:05 158208 ----a-w- c:\windows\system32\msaudite32.dll

2011-08-22 01:23:04 334336 ----a-w- c:\windows\system32\atrace32.dll

2011-08-08 06:00:22 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll

2011-08-08 06:00:22 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 04:11:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-25 02:51:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 22:26:27.28 ===============

ark.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7606

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/29/2011 12:31:29 PM

mbam-log-2011-08-29 (12-31-29).txt

Scan type: Quick scan

Objects scanned: 186533

Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\netui132.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\msstdfmt32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

ComboFix 11-08-29.03 - User 08/29/2011 12:36:55.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2075 [GMT -7:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xcp8e6qh.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{09f475d5-8037-45bb-bafd-b7603b65b8f3}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{4999f941-a91b-42ea-91de-262c9d5ba291}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{6255e3c4-088c-4d11-8415-aae593666717}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{908d025f-bda0-4d36-9d40-31ddf8fce189}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{acd8adc5-f0d6-45bc-ba91-d1c89ac39256}\install.rdf

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\chrome.manifest

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\chrome\xulcache.jar

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\defaults\preferences\xulcache.js

c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{e85093b3-e006-45cc-aa5b-5ffd0b04f2b4}\install.rdf

c:\documents and settings\User\uscchuphlw.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))

.

.

2011-08-29 19:26 . 2011-08-29 19:26 -------- d-----w- c:\program files\Common Files\Adobe

2011-08-26 03:03 . 2011-08-26 03:03 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Opera

2011-08-26 03:03 . 2011-08-26 03:03 -------- d-----w- c:\program files\Opera

2011-08-10 16:13 . 2011-08-10 16:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2011-08-08 06:00 . 2010-06-22 22:47 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll

2011-08-08 06:00 . 2010-06-22 22:47 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-29 19:09 . 2010-04-09 18:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52 . 2010-08-15 12:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2010-08-15 12:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 04:11 . 2011-06-17 01:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 14:10 . 2009-05-22 23:15 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-15 09:27 . 2010-08-15 08:45 112832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-22_08.25.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-29 19:33 . 2011-08-29 19:33 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat

+ 2008-04-14 12:00 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe

- 2008-04-14 12:00 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe

+ 2011-08-29 19:26 . 2011-08-29 19:26 19968 c:\windows\Installer\1be1f.msi

+ 2010-09-23 11:47 . 2010-09-23 11:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe

+ 2010-09-23 10:03 . 2010-09-23 10:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe

+ 2010-09-21 06:07 . 2010-09-21 06:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll

+ 2010-09-23 09:52 . 2010-09-23 09:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe

+ 2010-09-23 01:12 . 2010-09-23 01:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe

+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe

+ 2010-09-23 01:10 . 2010-09-23 01:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll

+ 2010-09-11 01:17 . 2010-09-11 01:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll

+ 2010-09-23 03:41 . 2010-09-23 03:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe

+ 2010-09-21 06:07 . 2010-09-21 06:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe

+ 2010-09-23 11:47 . 2010-09-23 11:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe

+ 2010-09-23 01:04 . 2010-09-23 01:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll

+ 2010-09-23 02:39 . 2010-09-23 02:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe

+ 2010-09-21 06:07 . 2010-09-21 06:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe

+ 2010-09-23 01:50 . 2010-09-23 01:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe

+ 2011-08-29 19:26 . 2011-08-29 19:26 3940864 c:\windows\Installer\1bf52.msi

+ 2010-09-23 01:05 . 2010-09-23 01:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll

+ 2010-09-16 10:08 . 2010-09-16 10:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll

+ 2010-06-20 00:51 . 2010-06-20 00:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll

+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\1c00d.msp

+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\1c00c.msp

+ 2010-09-23 10:03 . 2010-09-23 10:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"nwiz"="nwiz.exe" [2009-06-10 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]

"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Documents and Settings\\User\\Desktop\\keyclone\\keyclone.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_DUPA30.EXE"=

"c:\\Program Files\\Opera\\opera.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/15/2010 3:10 AM 10448]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/15/2010 5:20 AM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/15/2010 5:20 AM 22712]

R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [4/16/2011 2:47 PM 103424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\mmcshext32.exe --> c:\windows\system32\mmcshext32.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/15/2010 5:20 AM 41272]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 8:08 PM 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {55bd4d27-a690-4d3a-830c-6ca856176a20} - %profile%\extensions\{55bd4d27-a690-4d3a-830c-6ca856176a20}

FF - Ext: XUL Cache: {819ec364-5c3b-4932-92d4-ff2de0e47f0f} - %profile%\extensions\{819ec364-5c3b-4932-92d4-ff2de0e47f0f}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{01A7DC65-5934-406D-870A-436C284C019b} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-29 12:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(636)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

Completion time: 2011-08-29 12:41:17

ComboFix-quarantined-files.txt 2011-08-29 19:41

ComboFix2.txt 2011-08-23 01:26

ComboFix3.txt 2011-08-22 08:26

.

Pre-Run: 926,536,925,184 bytes free

Post-Run: 926,543,060,992 bytes free

.

- - End Of File - - 420CD231B81B0418118DB544E4BB13F4

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13

Run by User at 12:58:34 on 2011-08-29

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2072 [GMT -7:00]

.

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files\Razer\Naga\RazerNagaSysTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com

uInternet Connection Wizard,ShellNext = iexplore

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe

mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{34008BB7-D735-4356-A098-D6DCB4184986} : DhcpNameServer = 10.0.0.1

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\lqwf6fkl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XUL Cache: {55bd4d27-a690-4d3a-830c-6ca856176a20} - %profile%\extensions\{55bd4d27-a690-4d3a-830c-6ca856176a20}

FF - Ext: XUL Cache: {819ec364-5c3b-4932-92d4-ff2de0e47f0f} - %profile%\extensions\{819ec364-5c3b-4932-92d4-ff2de0e47f0f}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-15 10448]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-15 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-15 22712]

R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-4-16 103424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\mmcshext32.exe --> c:\windows\system32\mmcshext32.exe [?]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-6-4 12672]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-15 41272]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-08-29 19:36:17 -------- d-----w- C:\ComboFix

2011-08-26 03:03:22 -------- d-----w- c:\documents and settings\user\local settings\application data\Opera

2011-08-22 08:04:50 -------- d-sha-r- C:\cmdcons

2011-08-22 08:03:23 98816 ----a-w- c:\windows\sed.exe

2011-08-22 08:03:23 518144 ----a-w- c:\windows\SWREG.exe

2011-08-22 08:03:23 256000 ----a-w- c:\windows\PEV.exe

2011-08-22 08:03:23 208896 ----a-w- c:\windows\MBR.exe

2011-08-08 06:00:22 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll

2011-08-08 06:00:22 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

.

==================== Find3M ====================

.

2011-08-29 19:09:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 04:11:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 12:58:41.96 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=69f14535ebb5ec43b6c6307797d53444

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-01 08:26:16

# local_time=2011-09-01 01:26:16 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8199 39157077 100 100 92104 80868904 0 0

# compatibility_mode=9217 16777214 0 9 26344233 26344233 0 0

# scanned=83216

# found=43

# cleaned=43

# scan_time=1887

# nod_component=V3 Build:0x30000000

C:\Documents and Settings\User\Desktop\GooredFix Backups\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{0c171c36-b0e5-48c8-a527-5f4cd85c253f}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\GooredFix Backups\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{22b40fa8-5077-4922-9971-c97c5bab0ff8}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\GooredFix Backups\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{273fba0d-2e94-4f51-8368-f6e176128fe4}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\GooredFix Backups\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{658ec0de-8839-4c3a-9d99-d96f7aa7e1fc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\User\Desktop\GooredFix Backups\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lqwf6fkl.default\extensions\{658ec0de-8839-4c3a-9d99-d96f7aa7e1fc}\{658ec0de-8839-4c3a-9d99-d96f7aa7e1fc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0094522.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0094523.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0096526.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0096527.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0099129.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0099288.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0099289.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0099290.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0099291.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0099292.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0099293.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0100588.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP367\A0100589.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP368\A0101688.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP368\A0101689.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP368\A0102699.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP368\A0102700.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP368\A0102721.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP368\A0102722.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP369\A0103742.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP369\A0103743.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105014.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105015.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105016.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105017.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105018.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105019.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105020.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105021.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105022.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105023.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105024.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP370\A0105025.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP374\A0106142.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP374\A0106143.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP374\A0106144.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP374\A0106145.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E32B4009-FF7F-485E-8CFE-5E3447A263E5}\RP374\A0106146.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET NOD32 Antivirus

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 13

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Mozilla Firefox (3.6.17) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Appears everything is in working condition. I ran a quick scan with Malwarebytes and the temp file is no longer popping up on my desktop. Thanks a ton!


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 13

Adobe Reader 9.0

Restart your computer.

Get the latest version of Java and Adobe Reader.

Also update your version of Firefox; ensure that you're using version 6.

Let me know what issues remain.

-screen317


After following your instructions installing ComboFix, Java Update 6, ESET Online Scanner, Adobe Reader 9, and Security Check, I seem to be getting a BSOD while streaming videos. I am unsure if this is due to the malware I had or possibly a compatibility issue with Adobe Flash and my video card. I've tried rolling back the video card driver, but the only fix I've seen is to roll Flash back to 10.1. However, this issue might no longer be suitable for this forum. Anyway, I would like to say thanks a bunch for the help on correcting the issues I had.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
